ATM Programmer’s Reference Manual Leaked Online

  • 8 October 2014

Userlevel 7
It is some consolation, I think, that the majority of home users value security more than these businesses appear to; they just seem to leave the door open for everyone.
 
 
Tyupkin ATM malware author may have used such documentation
By Ionut Ilascu on October 8th, 2014

"A document containing various references for programming automated teller machines (ATMs) has been found online using the Chinese Baidu search engine.
News of malware designed specifically for ATMs has become more frequent lately, and with such an asset at the disposal of malware authors, things may have just started to get worse.

Security researchers at F-Secure found the API documentation for cashpoints manufactured by NCR Corporation, which would help a malicious actor create malicious code that can interact with the ATM. These machines run on the Windows Embedded operating system and feature some differences when compared to the regular editions of the OS."

Full Article

2 replies

Userlevel 3
I wonder if the said manufacturer of that specific ATM has been notified about the programming of that ATM? As far as I know, specific codes to access each ATM are unique or different depending on the make & model, besides entering credit card #'s and so forth! For example, a unique combination of keys can be entered to gain access to the admin layer for a certain ATM machine and, once in, can gain access to almost all the history of the transactions on that specific machine! Anyway, just thought I'd post something here, mainly to know if the ATM Mfger is aware of that for the one specified!
 
 
Userlevel 7
By Pierluigi Paganini on October 10th, 2014

A document on NCR ATM API Documentation disclosed on Baidu may have helped criminals to develop malware used in the recent attacks against ATMs worldwide.

Recently Kaspersky Lab spotted a series of attacks on ATM machines which were infected by the Tyupkin malware. The malicious code is used by criminal organizations to compromise the banking machines and force them to release cash on demand; at least 50 ATMs, mainly in Eastern Europe, have been infected.
Tyupkin isn’t the only malware used by criminals to compromise ATMs: in May 2013 researchers spotted another ATM Trojan, dubbed Padpin, and in October 2013 security experts at Symantec warned about Ploutus, which was designed with the same intent.
The blog post published by Symantec refers to a strain of Ploutus malware detected in 2013 on ATMs in Mexico that is designed to compromise a certain type of standalone ATM with just text messages.
 
Full Article
